Commit 10ed2bc
Drop all carried CVE patches from python3.14 — upstream in 3.14.4

Verified against python/cpython that every CVE patch on the 3.12 fork has a
3.14-branch backport PR that merged before 3.14.4's release on 2026-04-07:

  CVE-2026-0672 → PR python/cpython#144089 (merged 2026-01-23)
  CVE-2026-0865 → PRs python/cpython#143972 + #144761 (merged 2026-01-17 / 02-21)
  CVE-2026-1299 → PR python/cpython#144182 (merged 2026-01-25)
  CVE-2026-4519 → PRs python/cpython#146214 + #148042 (merged 2026-03-23 / 04-03)

The CVE-2025-* patches are even older and were already in 3.14.0 (GA 2025-10).

Carrying patches we don't need adds hunk-maintenance cost, rebase risk, and
auditor confusion with no upside.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

1 parent 15ccce4 commit 10ed2bc
5 files changed
Lines changed: 4 additions & 541 deletions
File tree
- SPECS/python3.14
This file was deleted.
This file was deleted.
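Review bot: the deleted files appear here only as "This file was deleted.", with no file names, and the message gives backport PR numbers for the four CVE-2026-* patches but none for the CVE-2025-* ones, whose removal rests on "already in 3.14.0". Suggest listing each dropped patch file next to its CVE id and upstream PR in the commit message so the removal can be audited from the log alone. The 4 added lines are not described in the message either and deserve a one-line mention.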